Horst Herb wrote:
>> Sounds interesting. But, how is that any better than writing
>> your
>> daily changes to a R/O CD?
>
>
> Because, when summond to a court case, I might "travel back in time", alter
> my computer time, alter my records, and burn any number of CD/RO in next to
> no
> time. Who can proof when these records have been made when nobody but me has
> access to that data?
>
....
>
> Any backup w/o notarial certification is worthless as court evidence unless
> the opponent's lawyer && the judge are technically entirely naive.
>
>
This is not strictly true. You need to demonstrate that
your operational procedures do a reasonable job of
precluding tampering with the backup and/or writing process.
For a one man operation, this of course, is difficult, and
the one man being tried in court is the same as the one man
demonstrating operating procedures. Now you need a third
party who can demonstrate satisfactory operational
procedures. (Now one could still bribe them or an
institution's operators, but that sort of stuff is a well
known problem and lawyers will attempt to discover is such
is likely)
> A digital notary service allows you to certify data integrity for any given
> time without the need of giving a 3rd party access to the original data. No
> confidentiality issues.
>
Exactly the point of using a trusted third party digital
notary service. This is even better in an open source world
because the code which invokes the third party and performs
the digital notary protocol can be reviewed easily by the
community. Proprietary systems would have to hire security
experts to certify that their implementation of the protocol
was sound, and every time they changed the code base, it
would need to be re-certified! That is clearly an expense
that only the few could make.
